
SearchSecurity.com:


Security experts warned that users should work to get the SMB and IIS patches implemented immediately because attackers have already had access to the exploit code. In September, exploit code targeting vulnerabilities in both SMB and IIS surfaced on several websites, and Microsoft issued an advisory recommending users deploy a workaround while its engineers produced and tested a fix.

Josh Phillips, a virus researcher at Kaspersky Lab, called the SMB vulnerabilities the most alarming of the bulletins released Tuesday. In a statement, Phillips said the flaws were introduced as part of a Microsoft patch issued in 2007.

"What should be even more concerning for Microsoft, however, is the fact that the vulnerability affects Windows Vista and Windows 7 machines and not Windows XP, a peculiarity we would like not to be repeated," Phillips said.

In addition, the bulletins issued by Microsoft contained the first ever security update for the release-to-manufacturing version of Windows 7, addressing ActiveX control issues as a result of components built using a flawed version of Microsoft Active Template Library.

Eight critical bulletins

MS09-050 addresses three vulnerabilities in Microsoft SMBv2. SMB is used in Windows to pass messages between networked devices such as printers and file sharing devices. The bulletin is rated critical for SMBv2 on Windows Vista and Windows Server 2008. Microsoft said the update repairs two remote code execution vulnerabilities that could be exploited if an attacker sends a specially crafted SMB packet to a computer running the Server service. A successful exploit allows an attacker to take complete control of a victim's machine. A denial of service flaw was also addressed in the update. If successfully exploited, it could cause a computer to stop responding, Microsoft said.

Ben Greenbaum, a senior research manager at Symantec Security Response, said that so far publicly available exploit code has not been reliable, allowing Microsoft to release the update as part of its regular patch cycle.

MS09-052 addresses a remote code execution vulnerability in Windows Media Player. The heap overflow vulnerability exists in Windows Media Player 6.4 and can be exploited if an attacker passes a malicious ASF file to gain the same user rights as the local user.

MS09-054 addresses four vulnerabilities in Internet Explorer, which could be exploited by an attacker to take full control of a victim's machine. The vulnerabilities affect IE 5.01 and IE 6-8. The bulletin addresses two memory corruption errors, a data stream handler corruption vulnerability and an HTML component handling flaw. Microsoft said an attacker could exploit the flaws by getting a user to visit a malicious website.

Microsoft released another update addressing ActiveX kill-bits. MS09-055 addresses an issue created with a flawed version of the Microsoft Active Template Library (ATL) included with Visual Studio. The ATL update is rated critical for users of Windows 2000 and XP, moderate for Windows Server 2003 and important for Windows Vista and Windows 7.

The software giant released a fix to Microsoft Office Outlook 2002, 2003 and 2007 and Office Visio Viewer addressing several ActiveX control vulnerabilities related to the ATL issue. MS09-060 addresses errors to components within the Office applications built using a flawed version of the ATL. If exploited, it could allow an attacker to perform remote code execution on an affected system, Microsoft said. The vulnerabilities affect Microsoft Office 2007 and Windows XP as well as Microsoft Office Visio.

MS09-061 addresses three vulnerabilities in Microsoft .NET Framework and Microsoft Silverlight, which could allow remote code execution. Microsoft warned that the "vulnerabilities could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and executing it, as could be the case in a Web hosting scenario." The update is rated critical for the Microsoft .NET Framework on Microsoft Windows 2000, XP, Vista, and Windows 7; Microsoft Silverlight 2 on Mac; and Microsoft Silverlight 2 on all releases of Microsoft Windows.

Five important bulletins

MS09-053 addresses two vulnerabilities in the FTP Service in Microsoft IIS 5.0, 5.1, and 7.0. A remote code execution and denial of service vulnerability could cause the Web server to crash.

MS09-056 addresses two vulnerabilities that leave Microsoft Windows susceptible to a spoofing attack. In order to exploit the flaw, an attacker must gain access to the certificate used by the end user for authentication, Microsoft said. The update is rated important for Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7. "We are aware that a rogue certificate was distributed in a public forum but we are not aware of any attempts to use this to attack users," said Microsoft's Jerry Bryant in a blog posting on the Microsoft Security Response Center blog.

MS09-057 addresses an ActiveX control indexing vulnerability. Microsoft said the ActiveX control does not properly handle specifically crafted Web content. The flaw could allow an attacker to use a malicious URL granting access to the victim's system. The flaw affects Windows 2000, XP and Windows Server 2003.

Several Windows kernel errors are addressed in MS09-058. Microsoft said an attacker must be logged onto the system to exploit the errors, which enable an elevation of privileges. The update is rated important for Windows 2000, XP, Windows Server 2003, Windows Vista, and Windows Server 2008.

Bulletin re-release

Microsoft re-released an update it issued last year addressing several flaws in Microsoft XML Core Services. MS08-069 was re-released to add detection for Windows 7 and Windows Server 2008 R2. XML Core Services is used in a variety of programs in Microsoft Office and Microsoft Windows.
